Yellow Dog Linux Security Announcement
--------------------------------------

Package:      balsa/mutt
Issue Date:   Apr 23, 2003
Priority:     medium
Advisory ID:  YDU-20030423-5

1. Topic:

   Updated balsa and mutt packages are available.

2. Problem:

   "A potential buffer overflow in mutt version 1.4 exists when parsing
   mailbox names returned by an IMAP server. It is possible that a hostile
   IMAP server could cause arbitrary code to be executed by the user
   running mutt.

   Versions 1.2 and higher of balsa incorporate the vulnerable mutt IMAP
   code and are therefore vulnerable to this issue as well. It is possible
   that a hostile IMAP server could cause arbitrary code to be executed by
   the user running balsa."

   (From Red Hat Advisory)

   The above packages also need an updated package of libgnomeprintui,
   which is also provided.

3. Solution:

   a) Updating via apt...

      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install balsa

         apt-get update
         apt-get install mutt

         apt-get update
         apt-get install libgnomeprintui

   b) Updating manually...

      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      Yellow Dog Linux 3.0
      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
         ppc/mutt-1.4.1-1.ppc.rpm
         ppc/balsa-2.0.6-2.ppc.rpm
         ppc/libgnomeprintui-1.116.0-4a.ppc.rpm
         ppc/libgnomeprintui-devel-1.116.0-4a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   [Yellow Dog Linux 3.0]
   4897a19e470204aced19fd5640397901  SRPMS/balsa-2.0.6-2.src.rpm
   969c71eae2ce7b97719db4bbf7f94045  SRPMS/mutt-1.4.1-1.src.rpm
   ff44fd7224e652ad9617ba9c5a25d5fd  SRPMS/libgnomeprintui-1.116.0-4a.src.rpm
   ba331d1a3ea8b410492308f2514d98e5  ppc/balsa-2.0.6-2.ppc.rpm
   e3d85dd10a5d8e3dab3730c71f305874  ppc/mutt-1.4.1-1.ppc.rpm
   fe34ddc389a5312f56ab78c75700d6e4  ppc/libgnomeprintui-1.116.0-4a.ppc.rpm
   e446f69db5cf2ea3e5288f6e671aa978  ppc/libgnomeprintui-devel-1.116.0-4a.ppc.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      md5sum

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See
   http://lists.terrasoftsolutions.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
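
Added example (not part of the original advisory): one way to automate the check in section 4 before running the manual update in section 3b. It assumes the checksum table has been saved to a file in "md5  path" form; the function name verify_rpms and the file name advisory.md5 are hypothetical.

```shell
#!/bin/sh
# verify_rpms MANIFEST DIR
#   MANIFEST: lines of "<md5>  <path/to/package.rpm>" copied from the advisory
#   DIR:      directory holding the downloaded .rpm files
# Returns 0 only if every .rpm in DIR is listed in MANIFEST and its MD5
# matches; 1 on any mismatch or unlisted file; 2 if there is nothing to check.
verify_rpms() {
    manifest=$1
    dir=$2
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    status=0
    checked=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue          # glob matched nothing
        name=$(basename "$file")
        # Look the package up by file name, ignoring the SRPMS/ or ppc/ prefix.
        want=$(awk -v n="$name" \
            '{ p = $2; sub(/^.*\//, "", p); if (p == n) { print $1; exit } }' \
            "$manifest")
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ -z "$want" ]; then
            echo "UNLISTED $name" >&2       # not named in the advisory
            status=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name (expected $want, got $got)" >&2
            status=1
        else
            echo "OK       $name"
        fi
    done
    [ "$checked" -gt 0 ] || { echo "no packages found in $dir" >&2; return 2; }
    return "$status"
}

# Typical use (paths are assumptions): install only when every file checks out.
#   verify_rpms advisory.md5 ./ppc && rpm -Fvh ./ppc/*.rpm
```

A checksum list fetched from the same place as the packages mainly catches a corrupted download. Where the vendor signs its packages, `rpm -K [filenames]` checks the package signature as well, which an MD5 comparison alone does not.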